Find out the exact location of the person
This article will show how to use social engineering to find out the exact (home) location of the person. This will be important for those who want to protect themselves from such attacks - you will see what absolutely can not be done on unreliable sites and find out what information the person who sent you the link can get about you.
The described attack will work if the user opens the link from a mobile phone or Desktop and allow the site to use the user's location. Regardless of whether GPS is turned on, when a user opens a link, we get the following information:
- operating system
- Platform
- The number of processor cores
- RAM Capacity - Approximate Results
- Screen resolution
- GPU Information
- Browser Name and Version
- Public IP address
If permission to access the location is obtained, we can obtain
- longitude
- latitude
- accuracy
- altitude - not always available
- direction - only available if the user is moving
- speed - only available if the user is moving
The action algorithm is very simple:
1. We are launching a phishing site, which, under the pretext of, for example, searching for new friends nearby, asks for permission to determine the user's location.
2. We will send the user a link to our site.
3. If the user gives permission to the site to get his location, then we will find out to the nearest tens of meters where he is now.
4. Even if the user does not give permission, but clicks the link, we will find out his IP address, web browser model, and some other characteristics of his phone or computer.
Programs for finding the location
We will need two programs:
Seeker- launches a phishing site and analyzes the received data.
Ngork - in case you do not have a white IP address (or hosting); This program allows you to create links to your site so that the site on your local computer can be opened on the Internet.
I will show an example of an attack from Kali Linux. If you don't have Kali Linux then you can do this on Android by installing the Termux app in it but note your Android must be root to run these tools on Termux.
Installation steps for Seeker in Kali Linux
sudo apt-get update
sudo apt-get install python3 python3-pip php ssh git
pip3 install requests
git clone https://github.com/thewhiteh4t/seeker
cd seeker
python3 ./seeker.py -h
Installation steps for Ngrok in Kali Linux
wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip
unzip <folder name of Ngrok here>
Now go to the Ngrok website and complete the signup procedure
After signup, you will see your auth token at the Ngrok website. Now give the below command replace <YOUR_AUTH_TOKEN> with your token.
./ngrok authtoken <YOUR_AUTH_TOKEN>
Running the above command will add your auth token to your ngrok.yml file. Connecting an account will list your open tunnels in the dashboard, give you longer tunnel timeouts, and more
chmod +x ./ngrok
./ngrok -h
Seeker instruction for use
Everything is very simple, run seeker
python3 ./seeker.py -t manual
Here you will see two ready-made templates to choose from.
[+] Select a Template :
[0] NearYou
[1] Google Drive
[2] WhatsApp
If I choose 0 the NearYou will be displayed
Then the information will be displayed.
[+] Port : 8080
[+] Starting PHP Server......[ Success ]
[+] Waiting for User Interaction.
It says that the PHP server has been successfully launched and expected user interaction.
Now, to create a tunnel from the Internet to our local server, in another window, run Ngrok :
Link http://16377e74.ngrok.io is generated. Now, this link must be sent to the victim. Suppose a user opens a link on the desktop.
In this case, he will see:
The page looks very good with beautiful animation. The inscriptions indicate that this service will allow you to find people near you and make new friends. Suppose the user clicks the continue button:
A location request will be generated.
In the seeker window, we will see the following:
The accurate location data received. For convenience, a link to Google maps is also given. By clicking the link You will be redirected to Google Map. The map will display the accurate location of the person.
It is also said that the data is saved to a file along the path ./seeker/db/results.csv (relative to the folder with seeker files). This file stores all data, including from previous attacks.
Things to be improved to make the attack more professional.
Despite the full implementation and packaging into a convenient and simple program, these are more tools to demonstrate the working concept of an attack than a real attack.
When performing a real attack, you can make the following improvements:
1. Translate phishing site templates into the target user's language.
2. create your own templates.
3. use the link shortener. For example Bitly.
4. use a domain or subdomain suitable for the situation.
5. if you continue to use Ngrok, then at least move the templates to a subfolder so that the link contains the appropriate path for the situation.
6. improve the algorithm: if location data are not received, then write a recommendation to the user to open the link from the phone.
7. record all cases when the link was opened, even if the user did not click the button (you can even find out at least the user's IP address).
Note: If you don't have Kali Linux then you can perform this on Android also by installing the Termux app on Android. But also your Android must be rooted to perform this attack.
For education purpose only.
You might also like: